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DETAILED ACTION 
Election/Restriction 
This office action is in response to the response to election/restriction filed on 
1 1/09/2005. Applicant elected to prosecute the claims of Group 1 (1-37, 39-42, 45-58, 67-69, 
and 71-73) without traverse. Applicant also cancelled non-elected claims 59-63 and 64-66. 
Therefore, presently pending claims are 1-37, 39-42, 45-58, 67-69, and 71-73. 

Response to Arguments 
Applicant's arguments filed 1 1/09/2005 have been fully considered. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: '. 

. . . '\ 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 5, and 69 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Walker et al (20010004609 Al) in view of Carter et al (6,601,171 Bl) and further in view of 
Walker et al (6,935,952 B2). 

In reference to claims I, 5, and 69, Walker ( c 609) discloses a method and computer 
readable instructions comprising: initiating an online gaming activity from a gaming system with 
multiple users (page 8 paragraph 90). The game initializes by loading the player's preferences. 

i 

The game players are authenticated by providing a unique identifier such as a password (page 3 
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paragraph 0045 in combination with page 5 paragraph 0066). The central controller is the 
authentication entity. 

Although Walker ( £ 609) discloses the authentication of users, Walker ('609) does not 
expressly disclose authenticating the multiple users together in a single request /reply exchange. 

Carter discloses a system for delegation (authentication) of multiple users in a distributed 
system. Wherein a user sends a request to a distributed deputization point to deputize and 
therefore authenticate deputy nodes in a single request reply (Fig. 2; column 8 lines 30-43 and 
lines 58-67; column 1 1 lines 40-50). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to authenticate multiple users in a single request/reply exchange as in Carter in the 
system of Walker ('609). One of ordinary skill in the art would have been motivated to do this 
because the system would not require a global namespace (Carter column 6 lines 1-5). 

Although Walker ('609) discloses the authentication of users and Carter discloses a 
system for delegation of multiple users and therefore authenticating the multiple users, Walker 
('609) and Carter do not disclose authenticating the gaming system, a game title, and an online 
service 

Walker ('952) discloses a remote gaming system whereby a player can gamble against a 
wagering establishment or state-run lottery from a remote location on a personal computer 
(abstract). Walker ( £ 952) further discloses authentication the gaming system (users machine; 
column 9 lines 40-60), a game title (the program; column 13 lines 39-67); and an online service 
(banking services; column 18 lines 45-67). 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add more means of authentication such as the means disclosed by Walker ('952) 
in the system of Walker ('609). One of ordinary skill in the art would have been motivated to do 
this because multiple means of authentication would prevent a third party from obtaining access 
to gambling (column 19 lines 60-65). 



Claims 2-4, 6-44,Yand 70-74 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Walker ('609), Carter and Walker ('952) as applied to claims 1, 5, 51-52, and 69 above, and 
further in view of Stallings and Carter. 

In reference to claims 6, 15-16, 25-26, 28-29, 31-32, 37, 39, 42-44, 67, and 72-74 Walker 
('609) discloses a method and computer readable instructions comprising: initiating an online 
gaming activity from a gaming system with multiple users (page 8 paragraph 90). The game 
initializes by loading the player's preferences. The game players are authenticated by providing a 
unique identifier such as a password (page 3 paragraph 0045 in combination with page 5 
paragraph 0066). The central controller is the authentication entity. Walker ('609) discloses the 
possibility of teams playing therefore suggests the possibility of consolidating the authentication 
of the players using the multiple user identity. The identity of the team performs the function of 
the multiple user identity. 

Although Walker ('609) discloses an authentication entity, Walker ('609) does not 
disclose a third party or a ticket issuing entity and therefore submitting a request from a game 
console to a ticket issuing entity, the request containing a game console identity, and an identity 
of an online service; returning a ticket from the ticket issuing entity to the game console the 
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ticket containing the game console identity encrypted with a key associated with the online 
service; passing the ticket from the game console to the online service; and decrypting the ticket 
at the online service, wherein after the decrypting the authenticity of the multiple users contained 
in the ticket is trusted. 

Stalling teaches the system of Kerberos key exchange comprising submitting a request 
from a game console to a ticket issuing entity, the request containing a game console identity, 
and an identity of an online service (page 337 table 1 1 .3 message 3). The message has the 
identity of the service that the client requires (EDv) and the Ticket, which includes the identity of 
the client. The ticket issuing entity returns a ticket to the game console the ticket containing the 
game console identity encrypted with a key associated with the online service (page 337 table 
11.3 message 4 especially Ticketv). The game console (client) passes the ticket to the online 
service (message 5 page 338 paragraph 5); and the online service decrypts the ticket at the online 
service, wherein after the decrypting the authenticity of the multiple users contained in the ticket 
is trusted (page 338 paragraph 6). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of ticekts as 
in Stalling in the system of Walker ('609). One of ordinary skill in the art would have been 
motivated to do this because it is a system that would provide mediation for the mutual 
authentication of the server and the client. 

Walker ('609) discloses a system for online gaming service. Stallings discloses a system 
wherein a third party provides authentication and ticket. However, neither Walker ('609) nor 
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Stall ings disclose a system wherein multiple users are authenticated together in a single 
request/reply exchange with an authentication entity. 

Carter discloses a system for delegation (authentication) of multiple users in a distributed 
system. Wherein a user sends a request to a distributed deputization point to deputize and 
therefore authenticate deputy nodes (Fig. 2; column 8 lines 30-43 and lines 58-67; column 1 1 
lines 40-50). * 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to authenticate multiple users in a single request/reply exchange as in Carter in the 
system of Walker ('609). One of ordinary skill in the art would have been motivated to do this 
because the system would not require a global namespace (Carter column 6 lines 1-5). 

Although Walker ('609) discloses the authentication of users and Carter discloses a 
system for delegation of multiple users and therefore authenticating the multiple users, Walker 
('609) and Carter do not disclose authenticating the gaming system, a game title, and an online 
service 

Walker ('952) discloses a remote gaming system whereby a player can gamble against a 
wagering establishment or state-run lottery from a remote location on a personal computer 
(abstract). Walker ('952) further discloses authentication the gaming system (users machine; 
column 9 lines 40-60), a game title (the program; column 13 lines 39-67); and an online service 
(banking services; column 18 lines 45-67). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add more means of authentication such as the means disclosed by Walker ( £ 952) 
in the system of Walker ('609). One of ordinary skill in the art would have been motivated to do 
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this because multiple means of authentication would prevent a third party from obtaining access 
to gambling (column 19 lines 60-65). 

In reference to claims 2, 33, and 35-36, Walker ( e 609) discloses a method of 
authenticating that comprises: submitting a request from the gaming system to the authenticating 
entity, the request containing identities of the multiple users (Walker ( c 609) page 5 paragraph 
0066); 

Walker ('609) does not disclose returning a reply from the authentication entity to the 
gaming system that can be used to authenticate the multiple users in the online gaming activity. 

Stallings discloses the use of Kerberos as a ticket issuing system where a ticket is sent to 
the client for authenticating to the server (pages 337 and 338) 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of ticekts as 
in Stalling in the system of Walker ('609). One of ordinary skill in the art would have been 
motivated to do this because it is a system that would provide mediation for the mutual 
authentication of the server and the client. 

In reference to claims 3, 7, 19, 27, 34, 38, and 70-71, Walker ('609) does not disclose a 
system to distribute a ticket for authentication purposes. 

Stalling discloses a method wherein the authenticating comprises forming, at the gaming 
system a request containing an identity string that includes a gaming system identity, multiple 
user identities, and an identity of an online service; submitting the request from the gaming 
system to the authentication entity; creating at the authentication entity, a reply containing the 
identity string and a session key KXA to be used in communication between the gaming system 
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and the online service, the reply being encrypted with a key associated with the online service; 
and returning the reply from the authentication entity to the gaming system (pages 337 and 338). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of tickets as 
in Stalling in the system of Walker ( c 609). One of ordinary skill in the art would have been 
motivated to do this because it is a system that would provide mediation for the mutual 
authentication of the server and the client. 

In reference to claim 4 f a method wherein the authenticating comprises exchanging 
messages specified in the Kerberos protocol, the response message containing a ticket having a 
authorization data field which acknowledges that multiple identities have been authenticated 
(Stallings page 335). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of tickets as 
in Stalling in the system of Walker ('609). One of ordinary skill in the art would have been 
motivated to do this because it is a system that would provide mediation for the mutual 
authentication of the server and the client. 

t 

In reference to claim 8, a method further comprising sending some cryptographically 
information to prove knowledge of the user's key while submitting the request (Stallings page 
337 table 1 1 .3 message 3). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to using cryptographic information to prove knowledge of the user's key as in 
Stalling in the system of Walker ('609). One of ordinary skill in the art would have been 
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motivated to do this because it is not possible for an opponent to guess the key without 
knowledge of the encryption keys (Stallings page 338). 

In reference to claims 9 and 20, Walker ( £ 609) discloses a method wherein a time that 
game, and therefore the ticket, is generated, a second time parameter indicative of when the 
game (ticket) expires (pages 7 paragraphs 0088-0089). 

However Walker ('609) does not disclose Kerberos ticket distribution. 

Stalling teaches the ticket further includes at least one of the online service identity, and a 
randomly generated session key to be used in communication between the game console and the 
onlinse service (table 1 1.3 page 337). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a randomly generated session key as in Stalling in the system of Walker 
('609). One of ordinary skill in the art would have been motivated to do this because it would 
protect a specific session and change regularly. 

In reference to claim 10, a method wherein the returning further comprises sending an 
attached message along with the ticket form the ticket issuing entity to the game console, the 
message containing a randomly generated session key to be used in communication between the 
game console and the online service (page 338 paragarphs 5 and;6). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a randomly generated session key as in Stalling in the system of Walker 
('609). One of ordinary skill in the art would have been motivated to do this because it would 
protect a specific session and change regularly. 
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In reference to claim 11, a method wherein the attached session message is encrypted 
with a key associated with the game console (Stalling page 338 paragarphs 5 and 6).. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to encrypt the session message with a key associated with the game console as in 
Stalling in the system of Walker ('609). One of ordinary skill in the art would have been 
motivated to do this because this would authenticate the server in the mutual authentication 
process. 1 

t 

In reference to claims 12 and 22, a method wherein the passing comprises sending a 
second message with a current time encrypted with the session key (Stallings page 330 paragraph 
3). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include a timestamp as in Stalling in the system of Walker ( c 609). One of 
ordinary skill in the art would have been motivated to do this because it would prove that the 
message is timely. 

In reference to claims 13, 23, and 68, a method wherein the ticket further includes a 
randomly generated session key and the verifying, at the online service, further comprises: 
decrypting the ticket using the key associated with the online service to recover the session key; 
decrypting the second message with the session key to recover the current time; and 
authenticating the multiple users and the game console in the even that the recovered current 
time is within an acceptable time window from the current time (Stallings page 338 paragraphs 
5-6). 



Application/Control Number: 09/802,795 Page 1 1 

Art Unit: 2135 

1 

At the time the invention was made, it would have been obvious to* a person of ordinary 
skill in the art to use a randomly generated session key as in Stalling in the* system of Walker 
( l 609). One of ordinary skill in the art would have been motivated to do this because it would 
protect a specific session and change regularly. 

In reference to claim 14, a method of claim 6, further comprising: sending a reply from 
the online service to the game console; and verifying, at the game console^an authenticity of the 
reply (Stallings page 338). 

At the time the invention was made, it would have been obvious to send the ticket to the 
online service as in Stalling in the system of Walker ('609). One of ordinary skill in the art 
would have been motivated to do this because the ticket is used for mutual authentication of the 
server and client. 

In reference to claim 17a method wherein the creating comprises computing 
cryptographic hash digests of user keys associated with the multiple users, each user identity 
being a combination of the user identity and the cryptographic hash of an associated user key 
(Walker ( £ 609) page 5 paragraph 0066). 

In reference to claim 18, a method wherein the creating comprises encrypting a time 
value using keys associated with the multiple users, each user identity being a combination of the 
user identity and the current time encrypted with the user key (Stallings page 330 paragraph 3). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include a timestamp as in Stalling in the system of Walker ('609). One of 
ordinary skill in the art would have been motivated to do this because it would prove that the 
message is timely. 
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In reference to claim 21, a method further comprising encrypting the session key KXA 
with a key associated with the game console before the sending of the session key to the game 
console (Stalling table 1 1.3 page 337). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to encrypt the session message with a key associated with the game console as in 
Stalling in the system of Walker ('609). One of ordinary skill in the art would have been 
motivated to do this because this would authenticate the server in the mutual authentication 
process. 

In reference to claim 24, a method further comprising: sending a reply from the online 
service to the game console, the reply containing the time value encrypted using the session key 
KXA; and verifying, at the console, an authenticity of the online service in an event that the 
game console successfully decrypts the time value using the session key KXA, and the time 
value returned matches the time value sent to the online service (Stalling page 338 paragraphs 5- 
6). 

At the time the invention was made, it would have been obvious to send the ticket to the 
online service as in Stalling in the system of Walker ('609). One of ordinary skill in the art 
would have been motivated to do this because the ticket is used for mutual authentication of the 
server and client. 

In reference to claim 30, a method further comprising sending the ticket to the online 
service (Stallings page 338). 

At the time the invention was made, it would have been obvious to send the ticket to the 
online service as in Stalling in the system of Walker ('609). One of ordinary skill in the art 
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would have been motivated to do this because the ticket is used for mutual authentication of the 
server and client. 

In reference to claim 40, a method further comprising encrypting the ticket with a key 
associated with the third party prior to said returning the ticket (Stallings page 338 paragraph 6). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to using cryptographic information to encrypt the key with the use of a key 
associated with the third party as in Stalling in the system of Walker ('609). One of ordinary 
skill in the art would have been motivated to do this because it is not possible for an opponent to 
guess the key without knowledge of the encryption keys (Stallings page 338). 

In reference to claim 41, a method further comprising: generating a session key to be 
used in communication between the game console and the third party; and sending the session 
key to the game console (Stallings page 338 paragraphs 5-6). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use a randomly generated session key as in Stalling in the system of Walker 
( £ 609). One of ordinary skill in the art would have been motivated to do this because it would 
protect a specific session and change regularly. { 

Claims 45-58 are rejected under 35 U.S.C. 103(a) as being unpatentable over Walker 
( c 609) et al (20010004609 Al) in view of Rackman (5,592,651) and Stallings and Carter. 

In reference to claims 45 and 51-52 and 58, Walker ('609) discloses a method for 
authentication in a game comprising: storing the authentication information in a database to be 
used for authenticating (pages 3-4 paragraph 0045). 
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Walker ( l 609) does not expressly disclose constructing a game console with associated 
authentication information; and using it for the authentication of the game console after the game 
console is released from manufacturing. 

Rackman discloses the use of the serial number for identifying the game console (column 
7 lines 33-52). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the serial number of a machine to authenticate the machine. One of 
ordinary skill in the art would have been motivated to do this because the serial number is a 
unique identifier and the user uses that particular machine to play the game. 

Although Walker ( c 609) discloses the authentication of users, Walker ( £ 609) does not 
expressly disclose authenticating the multiple users together in a single request /reply exchange. 

Carter discloses a system for delegation (authentication) of multiple users in a distributed 
system. Wherein a user sends a request to a distributed deputization point to deputize and 
therefore authenticate deputy nodes in a single request reply (Fig. 2; column 8 lines 30-43 and 
lines 58-67; column 1 1 lines 40-50). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to authenticate multiple users in a single request/reply exchange as in Carter in the 
system of Walker ('609). One of ordinary skill in the art would have been motivated to do this 
because the system would not require a global namespace (Carter column 6 lines 1-5). 

Although Walker ('609) discloses the authentication of users and Carter discloses a 
system for delegation of multiple users and therefore authenticating the multiple users, Walker 
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('609) and Carter do not disclose authenticating the gaming system, a game title, and an online 
service 

Walker ('952) discloses a remote gaming system whereby a player can gamble against a 
wagering establishment or state-run lottery from a remote location on a personal computer 
(abstract). Walker ( c 952) further discloses authentication the gaming system (users machine; 
column 9 lines 40-60), a game title (the program; column 13 lines 39-67); and an online service 
(banking services; column 18 lines 45-67). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to add more means of authentication such as the means disclosed by Walker ('952) 
in the system of Walker ('609). One of ordinary skill in the art would have been motivated to do 
this because multiple means of authentication would prevent a third party from obtaining access 
to gambling (column 19 lines 60-65). 

In reference to claims 46-47,54, and 56, Walker ('609) discloses a method of 
authenticating that comprises: submitting a request from the gaming system to the authenticating 
entity, the request containing identities of the multiple users (Walker ('609) page 5 paragraph 
0066); 

Walker ('609) does not disclose returning a reply from the authentication entity to the 
gaming system that can be used to authenticate the multiple users in the online gaming activity. 

Stallings discloses the use of Kerberos as a ticket issuing system where a ticket is sent to 
the client for authenticating to the server (pages 337 and 338) 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of ticekts as 
in Stalling in the system of Walker ('609). One of ordinary skill in the art would have been 
motivated to do this because it is a system that would provide mediation for the mutual 
authentication of the server and the client. 

In reference to claims 48-50, 55, and 57, Walker ('609) does not disclose a system to 
distribute a ticket for authentication purposes. 

Stalling discloses a method wherein the authenticating comprises forming, at the gaming 
system a request containing an identity string that includes a gaming system identity, multiple 
user identities, and an identity of an online service; submitting the request from the gaming 
system to the authentication entity; creating at the authentication entity, a reply containing the 
identity string and a session key KXA to be used in communication between the gaming system 
and the online service, the reply being encrypted with a key associated with the online service; 
and returning the reply from the authentication entity to the gaming system (pages 337 and 338). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of tickets as 
in Stalling in the system of Walker ('609). One of ordinary skill in the art would have been 
motivated to do this because it is a system that would provide mediation for the mutual 
authentication of the server and the client. 

In reference to claims 57, Walker ('609) does not disclose a system to distribute a ticket 
for authentication purposes. 
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Stalling discloses a method wherein the authenticating comprises forming, at the gaming 
system a request containing an identity string that includes a gaming system identity, multiple 
user identities, and an identity of an online service; submitting the request from the gaming 
system to the authentication entity; creating at the authentication entity, a reply containing the 
identity string and a session key KXA to be used in communication between the gaming system 
and the online service, the reply being encrypted with a key associated with the online service; 
and returning the reply from the authentication entity to the gaming system (pages 337 and 338). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use Kerberos as a third party authenticating entity for distribution of tickets as 
in Stalling in the system of Walker ('609). One of ordinary skill in the art would have been 
motivated to do this because it is a system that would provide mediation for the mutual 
authentication of the server and the client. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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